Changeset 9257 for main/waeup.kofa/trunk/src

Timestamp:

28 Sep 2012, 19:47:52 (12 years ago)

Author:

Henrik Bettermann

Message:

Protect StudyLevelEditFormPage? and CourseTicketAddFormPage2. Students are not allowed to edit study levels which are not current.

Location:

main/waeup.kofa/trunk/src/waeup/kofa/students

Files:

• browser.py (modified) (2 diffs)
• interfaces.py (modified) (1 diff)
• studylevel.py (modified) (1 diff)
• tests/test_browser.py (modified) (4 diffs)
• viewlets.py (modified) (1 diff)

main/waeup.kofa/trunk/src/waeup/kofa/students/browser.py

@@ -2002 +2002 @@
             emit_lock_message(self)
             return
-        if self.context.student.state != PAID:
+        if self.context.student.state != PAID or \
+            not self.context.is_current_level:
             emit_lock_message(self)
             return
@@ -2084 +2085 @@
 
     def update(self):
-        if self.context.student.state != PAID:
+        if self.context.student.state != PAID or \
+            not self.context.is_current_level:
             emit_lock_message(self)
             return

main/waeup.kofa/trunk/src/waeup/kofa/students/interfaces.py

@@ -430 +430 @@
     number_of_tickets = Attribute('Number of tickets contained in this level')
     certcode = Attribute('The certificate code of the study course')
+    is_current_level = Attribute('Is this level the current level of the student?')
 
     level_session = schema.Choice(

main/waeup.kofa/trunk/src/waeup/kofa/students/studylevel.py

@@ -56 +56 @@
     def number_of_tickets(self):
         return len(self)
+
+    @property
+    def is_current_level(self):
+        try:
+            return self.__parent__.current_level == self.level
+        except AttributeError:
+            return False
 
     def writeLogMessage(self, view, message):

main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_browser.py

@@ -2063 +2063 @@
                         'K1000000 - account activated' in logcontent)
 
-    def test_student_transfer(self):
+    def test_student_locked_level_forms(self):
+
+        # Add two study levels, one current and one previous
+        studylevel = createObject(u'waeup.StudentStudyLevel')
+        studylevel.level = 100
+        self.student['studycourse'].addStudentStudyLevel(
+            self.certificate, studylevel)
+        studylevel = createObject(u'waeup.StudentStudyLevel')
+        studylevel.level = 200
+        self.student['studycourse'].addStudentStudyLevel(
+            self.certificate, studylevel)
+        IWorkflowState(self.student).setState('school fee paid')
+        self.student['studycourse'].current_level = 200
+
+        self.browser.open(self.login_path)
+        self.browser.getControl(name="form.login").value = self.student_id
+        self.browser.getControl(name="form.password").value = 'spwd'
+        self.browser.getControl("Login").click()
+
+        self.browser.open(self.student_path + '/studycourse/200/edit')
+        self.assertFalse('The requested form is locked' in self.browser.contents)
+        self.browser.open(self.student_path + '/studycourse/100/edit')
+        self.assertTrue('The requested form is locked' in self.browser.contents)
+
+        self.browser.open(self.student_path + '/studycourse/200/ctadd')
+        self.assertFalse('The requested form is locked' in self.browser.contents)
+        self.browser.open(self.student_path + '/studycourse/100/ctadd')
+        self.assertTrue('The requested form is locked' in self.browser.contents)
+
+        IWorkflowState(self.student).setState('courses registered')
+        self.browser.open(self.student_path + '/studycourse/200/edit')
+        self.assertTrue('The requested form is locked' in self.browser.contents)
+        self.browser.open(self.student_path + '/studycourse/200/ctadd')
+        self.assertTrue('The requested form is locked' in self.browser.contents)
+
+
+    def test_manage_student_transfer(self):
         # Add second certificate
         self.certificate2 = createObject('waeup.Certificate')
@@ -2076 +2112 @@
         studylevel = createObject(u'waeup.StudentStudyLevel')
         studylevel.level = 200
+        self.student['studycourse'].addStudentStudyLevel(
+            self.certificate, studylevel)
+        studylevel = createObject(u'waeup.StudentStudyLevel')
+        studylevel.level = 999
         self.student['studycourse'].addStudentStudyLevel(
             self.certificate, studylevel)
@@ -2104 +2144 @@
         # Add study level to new study course
         studylevel = createObject(u'waeup.StudentStudyLevel')
-        studylevel.level = 200
+        studylevel.level = 999
         self.student['studycourse'].addStudentStudyLevel(
             self.certificate, studylevel)
@@ -2125 +2165 @@
         self.assertTrue('The requested form is locked' in self.browser.contents)
 
-        self.browser.open(self.student_path + '/studycourse/200/manage')
+        self.browser.open(self.student_path + '/studycourse/999/manage')
         self.assertFalse('The requested form is locked' in self.browser.contents)
-        self.browser.open(self.student_path + '/studycourse_1/200/manage')
+        self.browser.open(self.student_path + '/studycourse_1/999/manage')
         self.assertTrue('The requested form is locked' in self.browser.contents)
 
-        self.browser.open(self.student_path + '/studycourse/200/validate_courses')
+        self.browser.open(self.student_path + '/studycourse/999/validate_courses')
         self.assertFalse('The requested form is locked' in self.browser.contents)
-        self.browser.open(self.student_path + '/studycourse_1/200/validate_courses')
+        self.browser.open(self.student_path + '/studycourse_1/999/validate_courses')
         self.assertTrue('The requested form is locked' in self.browser.contents)
 
-        self.browser.open(self.student_path + '/studycourse/200/reject_courses')
+        self.browser.open(self.student_path + '/studycourse/999/reject_courses')
         self.assertFalse('The requested form is locked' in self.browser.contents)
-        self.browser.open(self.student_path + '/studycourse_1/200/reject_courses')
+        self.browser.open(self.student_path + '/studycourse_1/999/reject_courses')
         self.assertTrue('The requested form is locked' in self.browser.contents)
 
-        self.browser.open(self.student_path + '/studycourse/200/add')
+        self.browser.open(self.student_path + '/studycourse/999/add')
         self.assertFalse('The requested form is locked' in self.browser.contents)
-        self.browser.open(self.student_path + '/studycourse_1/200/add')
+        self.browser.open(self.student_path + '/studycourse_1/999/add')
         self.assertTrue('The requested form is locked' in self.browser.contents)
 
-        self.browser.open(self.student_path + '/studycourse/200/edit')
+        self.browser.open(self.student_path + '/studycourse/999/edit')
         self.assertFalse('The requested form is locked' in self.browser.contents)
-        self.browser.open(self.student_path + '/studycourse_1/200/edit')
+        self.browser.open(self.student_path + '/studycourse_1/999/edit')
         self.assertTrue('The requested form is locked' in self.browser.contents)
 

main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py

@@ -565 +565 @@
     def target_url(self):
         student = self.view.context.student
-        condition1 = student.state != PAID
-        condition2 = student[
-            'studycourse'].current_level != self.view.context.level
+        condition1 = student.state == PAID
+        condition2 = self.view.context.is_current_level
         is_current = self.context.__parent__.is_current
-        if condition1 or condition2 or not is_current:
-            return ''
-        return self.view.url(self.view.context, self.target)
+        if condition1 and condition2 and is_current:
+            return self.view.url(self.view.context, self.target)
+        return ''
 
 class StudentsTab(PrimaryNavTab):